Old 10-14-2007, 11:51 AM   #9 (permalink)
forhockey
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,931
OS: Windows 7 Ultimate


Re: Malware has taken over! Hijackthis logfile follows..

Hi CamwynF,

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\Program Files\ComPlus Applications\rygorad77798.exe

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.


If VirusTotal is busy, try the same at Jotti.

--------------------------------------------------------------
  1. Restart your computer in Safe Mode
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8
    • Instead of Windows loading as normal, a menu should appear
    • Use the up arrow key to highlight Safe Mode and press Enter.
    • Login with your usual account
    • Once you have logged in, a warning message will appear regarding starting Windows in Safe Mode; click OK and Windows will load your desktop environment.

    Note: On some systems this may be the F5 key, so try that if F8 doesn't work.

  2. Double-click on SmitfraudFix.exe to start the tool.

  3. Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.

  4. You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot into Normal Windows.

  5. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

  6. Restart your computer in Normal Mode

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
KILLALL::

File::
C:\WINDOWS\tsitra11.exe

DirLook::
C:\From the Earth to the Moon

Save this as CFScript

Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

--------------------------------------------------------------

How is your system behaving now?

--------------------------------------------------------------

Please reply back with the following logs:

Virus Total Results
C:\rapport.txt
C:\ComboFix.txt
Update on system behaviour?
__________________


Proud Member of ASAP
Proud Member of UNITE
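As an added example that is not part of forhockey's post or of the tools it names: a PowerShell snippet to triage the three paths mentioned above before anything is uploaded or deleted. It assumes a modern PowerShell with Get-FileHash (version 4 or later), which the 2007 system in this thread would not have had; $Targets is a name chosen here.

```powershell
# Added example, not from the original post. Pre-submission triage of the paths
# named in the reply: does each exist, what size/timestamps does it carry, is it
# Authenticode-signed, and what is its SHA-256 (so the hash can be looked up on
# VirusTotal before the file itself is uploaded).
# Assumes PowerShell 4+ for Get-FileHash.

$Targets = @(
    'C:\Program Files\ComPlus Applications\rygorad77798.exe',   # VirusTotal submission
    'C:\WINDOWS\tsitra11.exe',                                   # File:: entry in the CFScript
    'C:\From the Earth to the Moon'                              # DirLook:: entry in the CFScript
)

foreach ($path in $Targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "MISSING  $path"
        continue
    }
    $item = Get-Item -LiteralPath $path -Force
    if ($item.PSIsContainer) {
        # Mirror what DirLook:: asks for: list the directory contents rather than hashing.
        Write-Output "DIR      $path"
        Get-ChildItem -LiteralPath $path -Force -Recurse -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
        continue
    }
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
    Write-Output ("FILE     {0}`n  size={1} created={2} modified={3}`n  signature={4}`n  sha256={5}" -f
        $path, $item.Length, $item.CreationTime, $item.LastWriteTime, $sig, $hash)
}
```

Run it from an elevated prompt so the -Force switches can see hidden or system-attributed items; a file that is MISSING from this output but still present in the HijackThis log is worth noting in the reply.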